/// <summary>
/// Registers an <see cref="IConfigurationProvider"/> that sources configuration values from Azure Key Vault.
/// </summary>
/// <param name="configurationBuilder">The <see cref="IConfigurationBuilder"/> being extended.</param>
/// <param name="client">The <see cref="SecretClient"/> used for retrieving values.</param>
/// <param name="manager">The <see cref="KeyVaultSecretManager"/> instance that controls secret loading.</param>
/// <returns>The <see cref="IConfigurationBuilder"/>.</returns>
/// <remarks>
/// This overload performs no argument validation of its own; <paramref name="client"/> and
/// <paramref name="manager"/> are forwarded exactly as received to the options-based overload.
/// </remarks>
public static IConfigurationBuilder AddAzureKeyVault(
    this IConfigurationBuilder configurationBuilder,
    SecretClient client,
    KeyVaultSecretManager manager)
{
    // Only the manager is carried by the options object; the client is passed
    // to the overload as a separate argument.
    var options = new AzureKeyVaultConfigurationOptions { Manager = manager };

    return AddAzureKeyVault(configurationBuilder, client, options);
}
/// <summary>
/// Registers an <see cref="IConfigurationProvider"/> that sources configuration values from Azure Key Vault.
/// </summary>
/// <param name="configurationBuilder">The <see cref="IConfigurationBuilder"/> being extended.</param>
/// <param name="client">The <see cref="SecretClient"/> used for retrieving values.</param>
/// <param name="manager">The <see cref="KeyVaultSecretManager"/> instance that controls secret loading.</param>
/// <returns>The <see cref="IConfigurationBuilder"/>.</returns>
/// <remarks>
/// Neither <paramref name="client"/> nor <paramref name="manager"/> is checked for null here; both are
/// stored on the options object as given and handed to a new <see cref="AzureKeyVaultConfigurationSource"/>.
/// </remarks>
public static IConfigurationBuilder AddAzureKeyVault(
    this IConfigurationBuilder configurationBuilder,
    SecretClient client,
    KeyVaultSecretManager manager)
{
    var options = new AzureKeyVaultConfigurationOptions
    {
        Client = client,
        Manager = manager,
    };

    // The source wraps the options and is registered with the builder as-is.
    var source = new AzureKeyVaultConfigurationSource(options);

    return configurationBuilder.Add(source);
}
/// <summary>
/// Registers an <see cref="IConfigurationProvider"/> that sources configuration values from Azure Key Vault.
/// </summary>
/// <param name="configurationBuilder">The <see cref="IConfigurationBuilder"/> being extended.</param>
/// <param name="vaultUri">The Azure Key Vault URI.</param>
/// <param name="credential">The credential to use for authentication.</param>
/// <param name="manager">The <see cref="KeyVaultSecretManager"/> instance that controls secret loading.</param>
/// <returns>The <see cref="IConfigurationBuilder"/>.</returns>
/// <remarks>
/// <paramref name="vaultUri"/> and <paramref name="credential"/> go to the options constructor without any
/// check in this method. NOTE(review): presumably the credential is exercised against whatever host
/// <paramref name="vaultUri"/> names, so the URI should come from trusted configuration - confirm against
/// <see cref="AzureKeyVaultConfigurationOptions"/>.
/// </remarks>
public static IConfigurationBuilder AddAzureKeyVault(
    this IConfigurationBuilder configurationBuilder,
    Uri vaultUri,
    TokenCredential credential,
    KeyVaultSecretManager manager)
{
    var options = new AzureKeyVaultConfigurationOptions(vaultUri, credential) { Manager = manager };

    // Everything else is handled by the options-based overload.
    return AddAzureKeyVault(configurationBuilder, options);
}
// Requests one specific certificate version through KeyVaultSecretManager and asserts that the
// response is non-null, reports success, and carries status code 200.
public void GetCertificate()
{
    // NOTE(review): these identifiers and the client secret read as placeholders. Keep them that way:
    // a working client secret committed in test source is a leaked credential. If this test is meant
    // to run against a live vault, the values would have to be supplied from outside the source tree.
    const string TenantId = @"11a111aa-11a1-11aa-11aa-1a1aa111aa11";
    const string ClientId = @"11a111aa-11a1-11aa-11aa-1a1aa111aa11";
    const string ClientSecret = @"someclientsecret";
    const string CertificateName = @"democert123";
    const string CertificateVersion = @"11a111aa11a111aa11aa1a1aa111aa11";

    var credential = AzureOauthTokenAuthentication.GetOauthTokenCredentialFromClientSecret(
        TenantId,
        ClientId,
        ClientSecret);

    // NOTE(review): the meaning of 3 and the three durations is not visible here; presumably a
    // retry count and retry/timeout intervals - confirm against the KeyVaultSecretManager constructor.
    var secretManager = new KeyVaultSecretManager(
        "cgcvault1",
        credential,
        3,
        TimeSpan.FromSeconds(2),
        TimeSpan.FromSeconds(15),
        TimeSpan.FromSeconds(10));

    // The method is synchronous, so the async call is blocked on rather than awaited.
    var certificateResponse = secretManager
        .GetCertificateAsync(CertificateName, CertificateVersion, CancellationToken.None)
        .GetAwaiter()
        .GetResult();

    Assert.IsNotNull(certificateResponse, "Response is null");
    Assert.IsTrue(certificateResponse.IsSuccessCode, "Success code unexpected");
    Assert.IsTrue(certificateResponse.StatusCode == 200, "Status code unexpected");
}
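/// <summary>
/// Adds the secret source for the current environment: user secrets in Development,
/// Azure Key Vault (authenticated with a client certificate) everywhere else.
/// </summary>
/// <param name="ctx">Host builder context; only <c>HostingEnvironment</c> is read.</param>
/// <param name="builder">Configuration builder that receives the secret source.</param>
/// <exception cref="InvalidOperationException">
/// Outside Development, <c>KeyVault:Name</c> is missing or is not a plausible vault name.
/// </exception>
private static void AddUserSecrets(HostBuilderContext ctx, IConfigurationBuilder builder)
{
    if (ctx.HostingEnvironment.IsDevelopment())
    {
        builder.AddUserSecrets<Program>();
        return;
    }

    // Build the sources registered so far to read the bootstrap settings for the vault.
    var root = builder.Build();
    var vaultName = root["KeyVault:Name"];
    var appId = root["KeyVault:ADApplicationId"];
    var directoryId = root["KeyVault:ADDirectoryId"];

    // The name is spliced into the host part of the vault URI. A missing value produces a
    // malformed URI, and a value containing characters such as '/', '.', '@' or '#' would change
    // which host the certificate credential is used against, so reject anything that is not a
    // single vault-name label before building the URI or loading the certificate.
    if (!IsPlausibleVaultName(vaultName))
    {
        throw new InvalidOperationException(
            "Configuration value 'KeyVault:Name' is missing or is not a valid Key Vault name.");
    }

    // NOTE(review): appId and directoryId are passed on unchecked; the credential constructor
    // is relied on to reject missing values.
    var cert = GetApplicationCertificate(root);
    var uri = new Uri($"https://{vaultName}.vault.azure.net/");
    var credential = new ClientCertificateCredential(directoryId, appId, cert);
    var manager = new KeyVaultSecretManager();

    builder.AddAzureKeyVault(uri, credential, manager);
}

/// <summary>
/// Returns true when <paramref name="name"/> is 3-24 ASCII letters, digits or hyphens,
/// starts with a letter and does not end with a hyphen.
/// </summary>
private static bool IsPlausibleVaultName(string name)
{
    if (name == null || name.Length < 3 || name.Length > 24)
    {
        return false;
    }

    var first = name[0];
    var startsWithLetter = (first >= 'a' && first <= 'z') || (first >= 'A' && first <= 'Z');
    if (!startsWithLetter || name[name.Length - 1] == '-')
    {
        return false;
    }

    foreach (var c in name)
    {
        // Explicit ASCII ranges: char.IsLetterOrDigit would also accept non-ASCII letters.
        var allowed = (c >= 'a' && c <= 'z')
            || (c >= 'A' && c <= 'Z')
            || (c >= '0' && c <= '9')
            || c == '-';
        if (!allowed)
        {
            return false;
        }
    }

    return true;
}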